
Suddenly some banks here in Estonia have decided that they must start offering banking services over the Internet already during the next months. What worries me is that some of them are talking about using 40-bit SSL as the main security mechanism.

What about banks in the US and Europe, how many of them are using the Internet and WWW to offer their services already? Is it possible to use WWW forms to make real transactions or can you just view your transaction history and account status?

In case the banks are using WWW forms and SSL, are the services limited to 128-bit clients? How is the client authentication handled? Does the client just get a plain username and password?

I had a look at some banks like Security First National Bank and some others, and it seems that they use just SSL + username/password for their banking services. Does this really work, especially with 40-bit keys? SSL with client certificates would seem a little bit more secure once it is available, but still not secure enough for real banking on the Internet.

Just curious (and confused),

Juri Kaljundi
jk@digit.ee